Hey Guy's,

Getting below message which in turn fails to list proper UID / GID on NFSv4 mounts from within an unprivileged account. All files show up with owner and group as nobody / nobody when viewed from the client.

Is there a way to structure /etc/idmapd.conf to allow for proper UID / GID resolution? Or perhaps another solution?


[root@client01 etc]# cat /etc/idmapd.conf|grep -v "#"| sed -e "/^$/d"
[General]
Verbosity = 7
Domain = nix.my.dom
[Mapping]
[Translation]
[Static]
[UMICH_SCHEMA]
LDAP_server = ldap-server.local.domain.edu
LDAP_base = dc=local,dc=domain,dc=edu
[root@client01 etc]#

Mount looks like this:

nfs-c01.nix.my.dom:/n/my.dom on /n/my.dom type nfs4 (rw,relatime,vers=4.0,rsize=8192,wsize=8192,namlen=255,hard,proto=tcp,port=0,timeo=10,retrans=2,sec=sys,clientaddr=192.168.0.236,local_lock=none,addr=192.168.0.80)

/var/log/messages

Mar 6 00:17:27 client01 nfsidmap[14396]: key: 0x3f2c257b type: uid value: t...@my.dom@localdomain timeout 600 Mar 6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid: calling nsswitch->name_to_uid Mar 6 00:17:27 client01 nfsidmap[14396]: nss_getpwnam: name 't...@my.dom@localdomain' domain 'nix.my.dom': resulting localname '(null)' Mar 6 00:17:27 client01 nfsidmap[14396]: nss_getpwnam: name 't...@my.dom@localdomain' does not map into domain 'nix.my.dom' Mar 6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid: nsswitch->name_to_uid returned -22 Mar 6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid: final return value is -22 Mar 6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid: calling nsswitch->name_to_uid Mar 6 00:17:27 client01 nfsidmap[14396]: nss_getpwnam: name 'nob...@nix.my.dom' domain 'nix.my.dom': resulting localname 'nobody' Mar 6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid: nsswitch->name_to_uid returned 0 Mar 6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid: final return value is 0 Mar 6 00:17:27 client01 nfsidmap[14398]: key: 0x324b0048 type: gid value: t...@my.dom@localdomain timeout 600 Mar 6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid: calling nsswitch->name_to_gid Mar 6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid: nsswitch->name_to_gid returned -22 Mar 6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid: final return value is -22 Mar 6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid: calling nsswitch->name_to_gid Mar 6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid: nsswitch->name_to_gid returned 0 Mar 6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid: final return value is 0
Mar  6 00:17:31 client01 systemd-logind: Removed session 23.




Result of:

systemctl restart rpcidmapd

/var/log/messages
-------------------
Mar 5 23:46:12 client01 systemd: Stopping Automounts filesystems on demand...
Mar  5 23:46:13 client01 systemd: Stopped Automounts filesystems on demand.
Mar  5 23:48:51 client01 systemd: Stopping NFSv4 ID-name mapping service...
Mar  5 23:48:51 client01 systemd: Starting Preprocess NFS configuration...
Mar  5 23:48:51 client01 systemd: Started Preprocess NFS configuration.
Mar  5 23:48:51 client01 systemd: Starting NFSv4 ID-name mapping service...
Mar 5 23:48:51 client01 rpc.idmapd[14117]: libnfsidmap: using domain: nix.my.dom Mar 5 23:48:51 client01 rpc.idmapd[14117]: libnfsidmap: Realms list: 'NIX.MY.DOM' Mar 5 23:48:51 client01 rpc.idmapd: rpc.idmapd: libnfsidmap: using domain: nix.my.dom Mar 5 23:48:51 client01 rpc.idmapd: rpc.idmapd: libnfsidmap: Realms list: 'NIX.MY.DOM' Mar 5 23:48:51 client01 rpc.idmapd: rpc.idmapd: libnfsidmap: loaded plugin /lib64/libnfsidmap/nsswitch.so for method nsswitch Mar 5 23:48:51 client01 rpc.idmapd[14117]: libnfsidmap: loaded plugin /lib64/libnfsidmap/nsswitch.so for method nsswitch
Mar  5 23:48:51 client01 rpc.idmapd[14118]: Expiration time is 600 seconds.
Mar  5 23:48:51 client01 systemd: Started NFSv4 ID-name mapping service.
Mar 5 23:48:51 client01 rpc.idmapd[14118]: Opened /proc/net/rpc/nfs4.nametoid/channel Mar 5 23:48:51 client01 rpc.idmapd[14118]: Opened /proc/net/rpc/nfs4.idtoname/channel

--
Cheers,
Tom K.
-------------------------------------------------------------------------------------

Living on earth is expensive, but it includes a free trip around the sun.

_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org

Reply via email to